background preloader

How the NSA's Firmware Hacking Works and Why It's So Unsettling

How the NSA's Firmware Hacking Works and Why It's So Unsettling
One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code. The Kaspersky researchers who uncovered this said its ability to subvert hard drive firmware—the guts of any computer—“surpasses anything else” they had ever seen. The hacking tool, believed to be a product of the NSA, is significant because subverting the firmware gives the attackers God-like control of the system in a way that is stealthy and persistent even through software updates. The module, named “nls_933w.dll”, is the first of its kind found in the wild and is used with both the EquationDrug and GrayFish spy platforms Kaspersky uncovered. It also has another capability: to create invisible storage space on the hard drive to hide data stolen from the system so the attackers can retrieve it later. Here’s what we know about the firmware-flashing module. How It Works Go Back to Top.

http://www.wired.com/2015/02/nsa-firmware-hacking/

Related:  Hacking & ExploitsMalwareMalicious Code

Top 10 Web hacking techniques of 2010 revealed Network World - A Web hack that can endanger online banking transactions is ranked the No. 1 new Web hacking technique for 2010 in a top 10 list selected by a panel of experts and open voting. Called the Padding Oracle Crypto Attack, the hack takes advantage of how Microsoft's Web framework ASP.NET protects AES encryption cookies. FROM THE SECURITY WORLD: Quirky moments at Black Hat DC 2011 If encryption data in the cookie has been changed, the way ASP.NET handles it results in the application leaking some information about how to decrypt the traffic.

Zeus (malware) "Zbot" redirects here. For the action figures, see Zbots. Zeus is very difficult to detect even with up-to-date antivirus software as it hides itself using stealth techniques[citation needed] It is considered that this is the primary reason why the Zeus malware has become the largest botnet on the Internet: some 3.6 million PCs are said to be infected in the U.S. alone[citation needed]. Security experts are advising that businesses continue to offer training to users to teach them to not to click on hostile or suspicious links in emails or Web sites, and to keep antivirus protection up to date. Antivirus software does not claim to reliably prevent infection; for example Browser Protection says that it can prevent "some infection attempts".[4] One countermeasure would be to run a hardware-based solution that is a non-writable, read-only file system and web browser, such as a secure hardware browser .

Dealing with CryptoLocker ransomware If you see this CryptoLocker image on your computer screen disconnect your computer from the internet immediately by removing your network cable or turning off the wireless connection. Also disconnect USB storage devices or network shares and turn off any cloud backup services you may use such as Dropbox or Office 365. Significant numbers of New Zealanders have been dealing with ransomware during 2013. Ransomware is a form of malicious software or ‘malware’ which demands payment to unlock your computer and can often prove difficult to clean up or remove from both PCs and Macs. CryptoLocker ransomware is the latest variant that now encrypts the files on your computer using a powerful algorithm that cannot be defeated without paying the sum asked for by the cyber criminals.

Phone hacking Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent of the phone's owner. The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British Royal Family, other public figures, and the murdered schoolgirl Milly Dowler.[1] Risks[edit]

Carberp Family Malware Targeting the Banking Sector -HackSurfer A challenge incident responders and fraud analysts for firms in the banking and financial services sector (BFSS) will soon be faced with is an increased incidence of customer take-over fraud from a very advanced malware family that was recently released into the wild (Cohen, 2013, July 9). After the historic ZeuS Trojan was released into the wild more sophisticated programmers transformed this already powerful banking Trojan into the very virulent Citadel Trojan. The Citadel permutation was even more resilient, evasive, and sophisticated than the ZeuS Trojan (ibid. p.1). Equation: The Death Star of Malware Galaxy Download "Equation group: questions and answers" PDF "Houston, we have a problem" One sunny day in 2009, Grzegorz Brzęczyszczykiewicz1 embarked on a flight to the burgeoning city of Houston to attend a prestigious international scientific conference. As a leading scientist in his field, such trips were common for Grzegorz. Over the next couple of days, Mr Brzęczyszczykiewicz exchanged business cards with other researchers and talked about the kind of important issues such high level scientists would discuss (which is another way of saying "who knows?"). But, all good things must come to an end; the conference finished and Grzegorz Brzęczyszczykiewicz flew back home, carrying with him many highlights from a memorable event.

Smartsniff Password Sniffer Related Links Windows Password Recovery ToolsSmartSniff - Monitoring TCP/IP packets on your network adapter Mail PassView - Recover POP3/IMAP/SMTP email passwords. Dialupass - Recover VPN/RAS/Dialup passwords Search for other utilities in NirSoft Description The Father of Zeus: Kronos Malware Discovered While major players like Zeus, Gozi, Citadel and other advanced financial malware dominate the malware threat landscape, newcomers and challengers always try to get a share of the cyber crime market. One such new malware that was recently made available for purchase in a Russian underground forum is the Kronos malware. With a $7,000 price tag, this malware offers multiple modules for evading detection and analysis as well as an option to test the malware for a week prior to buying it. Note that the following descriptions of Kronos are based solely on entries in the underground forum; Trusteer, an IBM company, has not yet analyzed a malware sample in order to validate the seller’s claims.

Self-deleting malware targets home routers to gather information March 11, 2015 Attackers could be using VICEPASS for reconnaissance, or for future cross-site request forgery attacks. Researchers with Trend Micro have analyzed malware that first connects to home routers and scans for connected devices, and then sends the information it gathers to a command-and-control (C&C) server before deleting itself without a trace. The malware was detected by Trend Micro as TROJ_VICEPASS.A, or VICEPASS, and it has been observed infecting users that navigate to malicious websites hosting a purported Adobe Flash update, according to a Monday post by Kenney Lu, of Trend Micro. Once downloaded and executed, the malware uses a predefined list of usernames and passwords to attempt to connect to the home router, Lu wrote. Some of the usernames include admin, D-Link, guest, root and user, and some of the passwords include 12345678, admin, password and qwerty.

Related: